CVE-2005-1564
First published: Thu May 12 2005(Updated: )
post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =2.17.6 | |
| Mozilla Bugzilla | =2.16.1 | |
| Mozilla Bugzilla | =2.18-rc1 | |
| Mozilla Bugzilla | =2.16.2 | |
| Mozilla Bugzilla | =2.17.4 | |
| Mozilla Bugzilla | =2.10 | |
| Mozilla Bugzilla | =2.17.1 | |
| Mozilla Bugzilla | =2.16 | |
| Mozilla Bugzilla | =2.14.2 | |
| Mozilla Bugzilla | =2.14.3 | |
| Mozilla Bugzilla | =2.14.4 | |
| Mozilla Bugzilla | =2.19.1 | |
| Mozilla Bugzilla | =2.17.5 | |
| Mozilla Bugzilla | =2.17.3 | |
| Mozilla Bugzilla | =2.16.4 | |
| Mozilla Bugzilla | =2.12 | |
| Mozilla Bugzilla | =2.16.3 | |
| Mozilla Bugzilla | =2.14.5 | |
| Mozilla Bugzilla | =2.17.7 | |
| Mozilla Bugzilla | =2.17 | |
| Mozilla Bugzilla | =2.18-rc2 | |
| Mozilla Bugzilla | =2.14.1 | |
| Mozilla Bugzilla | =2.16.5 | |
| Mozilla Bugzilla | =2.14 | |
| Mozilla Bugzilla | =2.19.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-1564?
CVE-2005-1564 is classified as a moderate vulnerability allowing unauthorized bug entries.
How do I fix CVE-2005-1564?
To fix CVE-2005-1564, upgrade to Bugzilla version 2.19.3 or later.
Which Bugzilla versions are affected by CVE-2005-1564?
Bugzilla versions 2.10 through 2.18, 2.19.1, and 2.19.2 are affected by CVE-2005-1564.
Who can exploit CVE-2005-1564?
CVE-2005-1564 can be exploited by remote authenticated users.
What type of attack does CVE-2005-1564 facilitate?
CVE-2005-1564 facilitates an attack that allows users to enter bugs into closed products.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/2.17.6
- version/mozilla bugzilla/2.16.1
- version/mozilla bugzilla/2.18-rc1
- version/mozilla bugzilla/2.16.2
- version/mozilla bugzilla/2.17.4
- version/mozilla bugzilla/2.10
- version/mozilla bugzilla/2.17.1
- version/mozilla bugzilla/2.16
- version/mozilla bugzilla/2.14.2
- version/mozilla bugzilla/2.14.3
- version/mozilla bugzilla/2.14.4
- version/mozilla bugzilla/2.19.1
- version/mozilla bugzilla/2.17.5
- version/mozilla bugzilla/2.17.3
- version/mozilla bugzilla/2.16.4
- version/mozilla bugzilla/2.12
- version/mozilla bugzilla/2.16.3
- version/mozilla bugzilla/2.14.5
- version/mozilla bugzilla/2.17.7
- version/mozilla bugzilla/2.17
- version/mozilla bugzilla/2.18-rc2
- version/mozilla bugzilla/2.14.1
- version/mozilla bugzilla/2.16.5
- version/mozilla bugzilla/2.14
- version/mozilla bugzilla/2.19.2